摘要 |
PROBLEM TO BE SOLVED: To provide a mechanism in which even when the user side and provider of an anonymization processing service are different, it is unnecessary to expose the content of data held by the user side to a third person.SOLUTION: A personal information management system includes: a data management device having a function for encrypting anonymization target data and generalization hierarchical data by using the same secret key, a function for transmitting a processing result as encrypted anonymization target data and encrypted generalization hierarchical data to an anonymization device, and a function for decrypting the encrypted anonymization target data received from the anonymization device to generate anonymization data; and an anonymization device for providing an anonymization processing service to the data management device connected via a network, that is, an anonymization device having a function for receiving the encrypted anonymization target data and the encrypted generalization hierarchical data, a function for anonymizing the encrypted anonymization target data following the encrypted generalization hierarchical data, and a function for transmitting a processing result as the encrypted anonymization data to the data management device. |